Hi,

If it's only bind and nothing else, this user won't be able to read any information concerning the monitor backend.

If you want to really, really restrict this user from accessing unneeded data, list what attributes check_ldap needs to read, and allow your user to read only those.

-- Esteban
http://gepsit.fr


On Mon, Nov 25, 2013 at 12:20 PM, ML mail <mlnospam@yahoo.com> wrote:
Hello,

I would like to monitor connectivity to my OpenLDAP using nagios with its check_ldap script and was wondering which minimal ACL you would recommend for that purpose.

For that purpose I will be using a dedicated user such as cn=nagios,ou=users,dc=domain,dc=tld and would like it just to be able to bind to dc=domain,dc=tld and nothing else. Any recommendations?

Thanks
ML
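
An added example, not part of the original thread: one way the advice above could look as slapd.conf ACLs for the cn=nagios account. It assumes check_ldap only binds and then runs a base-scope search on dc=domain,dc=tld with an objectClass presence filter; the rule order and the placement ahead of the site's existing ACLs are also assumptions.

```conf
# Added example (slapd.conf syntax), to be placed BEFORE the site's existing
# "access to" rules, because slapd stops at the first <what>/<who> match.

# 1. A simple bind is evaluated as "anonymous", which needs auth (=x)
#    access to userPassword. Everyone else falls through ("break") to
#    the rules below, so site policy for userPassword is left untouched.
access to attrs=userPassword
    by anonymous auth
    by * break

# 2. The monitoring account may read only what a base-scope search with a
#    presence filter on objectClass touches: the "entry" pseudo-attribute
#    and objectClass of the suffix entry itself (assumed check_ldap
#    behaviour; adjust the attribute list if your check reads more).
access to dn.base="dc=domain,dc=tld" attrs=entry,objectClass
    by dn.exact="cn=nagios,ou=users,dc=domain,dc=tld" read
    by * break

# 3. Everything else, including its own entry and password, is denied
#    to the monitoring account. Other identities continue to the
#    existing site ACLs that follow this block.
access to *
    by dn.exact="cn=nagios,ou=users,dc=domain,dc=tld" none
    by * break

# 4. Existing site ACLs go here, unchanged.
```

The result can be checked offline with slapacl, for example `slapacl -D "cn=nagios,ou=users,dc=domain,dc=tld" -b "dc=domain,dc=tld" "objectClass/read"` should be allowed, while the same test against any other entry or attribute should be denied.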